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(57) Abstract 

A method and system identify programming code 
that is appropriate to the architecture and capabilities of 
a set-top terminal in a cable television system. The ap- 
propriate programming code is identified from among a 
variety of code objects being broadcast from the head- 
end facility of the cable television system. A platform 
identifier stored in the set-top terminal is matched to a 
corresponding platform identifier in an entitlement man- 
agement message or other download locator message that 
specifies where in the transport stream from the headend 
a particular code object can be acquired. By acquiring the 
object corresponding to the message bearing a matching 
platform identifier, the set-top terminal acquires program- 
ming code compatible with its attributes. Additionally, 
the cable television system can then optimally support a 
varied population of set-top terminals. 
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TITLE OF THE INVENTION 

Method and System for Identifying and Downloading Appropriate 
Software or Firmware Specific to a Particular Model of Set-Top Box in a Cable 
Television System 

5 

RELATED APPLICATIONS 

This application claims priority from a previous U.S. provisional patent 
application entitled "Software and Firmware Initialization and Upgrade 
Management System and Method for an Advanced Set-Top Box in a Cable 
10 Television System," Serial No. 60/130,328, filed April 21, 1999. 



FIELD OF THE INVENTION 

The present invention relates to the field of initializing a set-top terminal of a 
cable television system and upgrading the software or firmware in the set-top 
1 5 terminal. More particularly, the present invention relates to the field of identifying 
and then downloading a specific version of a base platform code or other code 
object over the cable network that is appropriate to the architecture and capabilities 
of set-top terminal performing the download. 

20 BACKGROUND OF THE INVENTION 

In a typical cable television system, subscribers are provided with a set-top 
box or terminal. The set-top terminal is a box of electronic equipment that is used 
to connect the subscriber's television, and potentially other electronic equipment, 
with the cable network. The set-top box is usually connected to the cable network 

2 5 through a co-axial wall outlet. 

The set-top box is essentially a computer that is programmed to process the 
signals from the cable network so as to provide the subscriber with the cable 
services. These services from the cable television company typically include access 
to a number of television channels and, perhaps, an electronic program guide. 

3 0 Additional premium channels may also be provided to subscribers at an additional 

fee. Pay-per-view events and video-on-demand may also be provided over the cable 
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network. The set-top box is programmed to provide these and other services to the 
subscriber. 

However, the services of the cable company need not be limited to providing 
television programming. Some cable companies are now offering internet access 
5 and e-mail over their cable networks at speeds much faster than are available over 
conventional telephone lines. It is anticipated in the future that more and more 
services will be provided over the cable network, including even basic telephone 
service. Eventually, each home or office may have a single connection, via the 
cable network, to all electronic data services. 

1 0 When a new set-top terminal is added to the cable network, it must be 

initialized. To initialize a set-top terminal, the terminal must be provided with the 
programming required to allow it to function within the specific cable network to 
which it is connected and to thereby provide the services for which the subscriber 
has paid. Additionally, as the cable network and the services provided evolve, the 

1 5 set-top terminal must also evolve to be a&le to provide subscribers with all the 
services of the cable network. This set-top box evolution will primarily involve 
changes to the programming, or perhaps a re-initialization, of the set-top box. By 
upgrading the soft- or firmware of the set-top box, the box can be made to perform 
more efficiently or offer new services as the cable network evolves. 

20 In order to initialize new set-top terminals and upgrade the programming in 

the existing population of set-top boxes on a cable network, it is preferable to 
transmit the necessary programming to the set-top boxes via the cable network 
itself. Otherwise, a technician must visit each subscriber to install or upgrade the 
set-top boxes. Such field installations and upgrades would obviously be at 

2 5 significant expense. The headend is the facility from which the cable network 

operator broadcasts television signals and provides other services over the cable 
network. Software that is provided to the population of set-top terminals could be 
broadcast from the headend over the cable network. . 

However, there are a variety of problems associated with initializing and 

3 0 upgrading set-top terminals by broadcasting programming from the headend. For 

example, over time the population of set-top terminals will likely include different 
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makes and models of set-top terminals with different capacities. The software 
required to initialize or upgrade each make and model of set-top terminal may be 
different. Consequently, there is a need in the art for a method of matching the 
proper programming code to the capabilities of the set-top terminal being initialized 
5 or upgraded. Additionally, there is a need to automate the initialization process so 
as to eliminate or decrease the time required by a technician to install, upgrade or 
re-initialize a set-top terminal. 

SUMMARY OF THE INVENTION t* 

10 It is an object of the present invention to meet the above-described needs and 

others. Specifically, it is an object of the present invention to provide a method and 
mechanism for matching the proper programming code being broadcast over the 
cable plant to the capabilities of the set-top terminal being initialized or upgraded. 
Additionally, it is a further object of the present invention to automate the 

1 5 initialization process so as to eliminate or decrease the time required by a technician 
to install, upgrade or re-initialize a set-top terminal. 

Additional objects, advantages and novel features of the invention will be set 
forth in the description which follows or may be learned by those skilled in the art 
through reading these materials or practicing the invention. The objects and 

2 0 advantages of the invention may be achieved through the means recited in the 
attached claims. 

To achieve these stated and othe^bbjects, the present invention may be 
embodied and described as a method of identifying a code object for download by a 
set-top terminal from a data transport stream broadcast to the set-top terminal over a 

25 cable television system where the object identified is appropriate to the architecture 
and capabilities of the set-top terminal. The method is performed by matching a 
platform identifier stored in the set-top terminal with a platform identifier in a 
download locator message that specifies where in the data transport stream a 
particular code object can be acquired. The platform identifier is specific to the 

30 architecture and capabilities of the set-top terminal. Preferably, the download 
locator message is an entitlement management message. 
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Prior to comparing the platform identifiers, the method includes tuning the 
data transport stream with the set-top terminal based on a table of control channels 
carrying data transport streams. After tuning the data transport stream, the method 
proceeds by collecting PID 1 packets from the data transport stream and extracting 
5 from the data of those packets a table specifying packet identifiers for a group of 
download locator messages being transmitted on the data transport stream. With 
this table, the method proceeds by successively acquiring each of the download 
locator messages listed in the table and extracting from each download locator 
message a platform identifier. This continues until a download locator message is 
1 0 found bearing a platform identifier that matches the platform identifier stored in the 
set-top terminal. 

After a match is found, the method proceed by obtaining locator data from 
the download locator message that has-tfie platform identifier that matches the 
platform identifier stored in the set-top terminal. The locator data specifies where in 

15 the data transport stream a particular code object can be acquired. That particular 
code object will be appropriate for and compatible with the set-top terminal as 
indicated by the matched platform identifiers. The method then concludes with 
downloading to the set-top terminal the particular code object specified by the 
locator data from the download locator message that contains the platform identifier 

2 0 that matches the platform identifier stored in the set-top terminal. 

The particular code object being acquired can be any of several different 
classes of objects. For example, the object can be a base platform code object, an 
operating system code object or a resident application code object. 

The present invention also encompasses the necessary hardware to perform 

25 the method described above. For example, the present invention encompasses a 
system for of identifying a code object for download by a set-top terminal from a 
data transport stream broadcast to the set-top terminal over a cable television system 
where the object identified is appropriate to the architecture and capabilities of the 
set-top terminal. Such a system would minimally comprise means for obtaining a 

30 first platform identifier in a download locator message that specifies where in the 
data transport stream a particular code object can be acquired; and means for 
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matching the first platform identifier with a second platform identifier stored in the 
set-top terminal. 

BRIEF DESCRIPTION OF THE DRAWINGS 
5 The accompanying drawings illustrate the present invention and are a part of 

the specification. Together with the following description, the drawings 
demonstrate and explain the principles of the present invention. 

Fig. 1 is a block diagram illustrating the three different stages at which 
different programming packages have cbntrol of the set-top terminal during the 
1 0 initialization process of the present invention. 

Fig. 2 is a flow chart illustrating the steps of the initialization process for a 
set-top terminal according to the present invention. 

Fig. 3 is a block diagram of the various memory devices and some code 
objects used in a set-top box according to the present invention. 
1 5 Fig. 4 is a flow chart illustrated the method of the present invention for 

identifying code objects to be downloaded that are appropriate to the architecture 
and capabilities of the downloading set-top terminal. 

DETAILED DESCRIPTION OF THE INVENTION: 
2 0 The present invention addresses the problems involved in broadcasting a 

variety of programming over a cable television system for download by the 
population of set-top terminals coimectf <i to the network so as to initialize or 
upgrade those terminals where different programming objects being broadcast are 
appropriate to different specific classes of set-top terminals within the terminal 

2 5 population and each downloading terminal must identify and acquire the 

programming object or objects appropriate to its architecture and capabilities. 
This process includes providing those code objects to the set-top boxes that are 
necessary to allow those set-top boxes to function within the cable system or to 
upgrade the programming resident in different classes of set-top boxes so as to 

3 0 provide the services purchased by subscribers. 
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Stated in broad principle, the present invention aims to provide a set-top 
terminal architecture that includes a resident boot code object. As shown in Fig. 3, 
the boot code object (302) resides in the set-top terminal (300), preferably in read- 
only memory (ROM) (301) and can automatically execute and initialize or re- 
5 initialize the set-top terminal. The boot code will preferably be automatically 
executed by the central processor (321) of the set-top terminal. Execution of the 
boot code may be triggered by and immediately follow connection of power to the 
set-top terminal. The present invention may additionally require connection of the 
transport stream signal (322) from the cable system before execution of the boot 

1 0 code is triggered. Once the boot code is executing, no further action by the 
user/installer need be required. Moreover, no specific interaction is required 
between the headend and the set-top terminal that is initializing or booting. 

As will be described in detail below, the boot code (302) of the present 
invention will automatically find, download and begin execution of the correct 

1 5 software code object or objects needed to initialize the set-top terminal. The boot 
code (302) will locate, identify and download the required programming from 
among potentially many code objects that might be multiplexed on the transport 
stream (322) coming from the headend facility of the cable television system. The 
boot code (302) recognizes the hardware configuration of the set-top terminal (300) 

20 in which it resides via an internal ROM coded identifier (320). This identifier (320) 
is matched against a value carried in an object download locator message from the 
transport stream (322) to insure that the boot code (302) obtains and downloads 
objects appropriate to the set-top terminal (300) in which the boot code (302) is 
resident. 

25 Functionally, the boot code of the present invention will identify an 

appropriate control channel frequency, find the stream of control data packets 
within that control channel, identify and download the correct object from among 
the objects on the transport stream, verify that the downloaded code is authorized 
and error-free, and start the downloaded code without direct assistance by a 

30 technician or intervention from the headend. The term "boot code" as used herein 
comprises the minimal code needed to accomplish this functionality. 
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There are essentially two distinct phases of programming a set-top box 
addressed by the present invention. The first is the initial programming of the set- 
top box. The second is upgrading the programming or re-initialization of the set-top 
box after that box has been placed in service. 
5 The initial programming of the set-top box is often performed by the cable 

system operator after the set-top box Iras been purchased from a manufacturer. 
Because each cable network is designed and built at different times by different 
service providers, each cable network may have a different design and architecture 
and use different code objects. Additionally, each system will likely have different 

1 0 classes of set-top terminals which were installed at different times and have 

different architectures and capabilities. Moreover, the specific services offered may 
vary among cable networks. 

Therefore, to adapt the set-top boxes to function within the specific 
environment of a service provider's cable system and to provide the specific group 

15 of services currently offered by that particular service provider, each set-top box 
must be programmed accordingly or "initialized." Additionally, each terminal 
should, thereafter, be periodically re-programmed or upgraded to continue to 
function optimally within the evolving cable television system. Each time the 
programming of a set-top terminal is changed, the new code must be appropriate to 

20 the architecture and capabilities of that "terminal. 

The process of programming or reprogramming a set-top terminal according 
to the present invention will now be explained. In order for a set-top terminal to be 
initialized, i.e., accept and utilize the initial programming it receives, it must have 
some base programming that instructs it how to accept and use that initial 

2 5 programming. This base programming within the context of the present invention is 
called the boot code. As described above, the boot code is computer code resident 
in the permanent memory of the set-top terminal that is loaded, preferably into read- 
only memory, at the factory and cannot be changed once a terminal has been 
deployed. 

30 As shown in Fig. 1, there are three general tiers or classifications of 

programming that run on or have control of the set-top terminal during different 
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stages in the initialization and operation of the terminal according to the present 
invention. Referring to Fig. 1, the first classification of code is the boot code (1). 
While running the boot code (1), the set-top terminal cannot provide any services to 
the subscriber. The function (2) of the boot code (1) is to search the data transport 
5 stream received from the headend facility to locate, acquire and begin execution of 
the base platform code (3) which is the next tier or classification of programming. 

The boot code (1) is designed to authenticate the base platform code after the 
base platform code is downloaded. The boot code (1) will preferably re- 
authenticate the base platform code every time it launches the base platform object 
1 0 (3). When the base platform code (3) is executing, the execution of the boot code 
(1) is terminated and control of the set-top terminal passes to the base platform code 

(3). ,4, > 1 - 

The base platform code (3) may be factory loaded. However, under the 
principles of the present invention, the base platform code (3) is preferably 
15 transmitted to the set-top terminal from the cable headend during the initialization 
of the terminal. This allows the operator of the cable system to customize the base 
platform code (3) for optimal operation on the specific cable system where the set- 
top terminal is deployed. Preferably, the base platform code (3) is transmitted over 
the cable plant on an out-of-band (OOB) transport stream. However, it is within the 

2 0 scope of the present invention for the base platform code (3) to be transmitted on an 

in-band control channel. 

The base platform code (3) has two functions. The first function of the base 
platform code (3) are to provide the basic capability of allowing a subscriber to 
watch television using the signal from the cable television system. The second 
25 function is to control the download (5) of the next classification of code objects, i.e., 
the target operating system (O/S) and resident applications (6). The base platform 
code (3), while allowing subscribers to watch television, does not generally support 
any additional functions of the set-top terminal. However, the base platform code 
(3) can acquire, authenticate, authorize and execute objects of the third and final 

3 0 classification of programming (e.g., the O/S) (5). 
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The third classification of programming, the operating system and resident 
applications (6) provide the additional set-top terminal functions available from the 
cable system. The operating system (O/S) is typically code from a third party (such 
as Microsoft's WinCE™) that provides access, with the resident applications, to all 
5 authorized set-top terminal capabilities. The operating system typically uses an 
additional embedded code module provided by the manufacturer of the set-top 
terminal which interfaces the operating system with the particular hardware of that 
set-top terminal to enable the operating system to function with that specific set-top 
terminal. 

1 0 Resident applications are computer programs that run on the set-top terminal 

under the operating system. The resident applications work with the operating 
system to provide the capabilities of the set-top terminal that are in addition to 
watching television. The native suite is a specified group of software applications, 
including the operating system and perhaps various resident applications, that 

1 5 provide the intended functions of the set-top terminal. Specific elements of the 
native suite are determined by the system operator. 

As indicated in Figs. 1 and 3, the boot code (1, 302) is preferably factory- 
loaded in the read-only memory (ROM) of the set-top terminal and is executed as 
soon as AC power is provided to the set-top terminal. Alternatively, the boot code 

2 0 may be executed in response to a reset signal (4) received, for example, from the 
headend, i.e., the system operator. This allows the system operator to re-initialize 
the set-top terminal whenever desired. 

The reset signal (4) is preferably received by the base platform code (3) 
which then terminates execution of the operating system and resident applications 

2 5 (6), if running, and begins execution of the boot code ( 1 ). Alternatively, the reset 

signal (4) may cause the base platform code (3) to terminate and reload the native 
suite (6) rather than execute the boot code (1). 

As described above, whenever executed, the boot code (1) acquires and loads 
the base platform code (2). The base platform code may be provided to the set-top 

3 0 terminal over the cable network from the headend or, alternatively, may be factory- 

loaded along with the boot code. The boot code (1) will either download the base 
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platform code (3), for example, over an out-of-band channel from the headend or, if 
the base platform code was factory-loaded, identify the base platform code (3) in 
memory. The boot code (1) authenticates the base platform code (3) from whatever 
source it is obtained and then executes the base platform code (3) . 
5 The base platform code (3) then acquires the operating system and, 

preferably, the other objects of the native suite (6). The operating system and the 
other objects are downloaded from the headend over the cable network. The base 
platform code (3) will acquire the operating system and other objects when first 
executed or, while running, in response to an initialization message (4) from the 

1 0 system operator. The initialization message (4) maybe provided over the cable 
network. The operating system and resident applications (6) are then executed 
when the native suite is acquired, authorized and authenticated. 

Fig. 2 is a flowchart providing a more detailed explanation of the 
initialization sequence according to the present invention. As shown in Fig. 2, when 

15 the set-top terminal is first powered, or an appropriate reset signal has been 
received, the boot code is executed (229). The boot code must first determine 
whether the set-top box has or must acquire the base platform code. To determine 
this, the boot code first checks the flash memory for the base platform code, the last 
known carrier (LKC) frequency of the control channel from the headend, and an 

2 0 Entitlement Management Message Provider Identification ("EMM Provider ID") 
(201,202). 

If any of three following conditions are discovered, the boot code will 
conclude that it must acquire the base platform code and will hunt for the out-of- 
band channel or the in-band channel from which the base platform code can be 

2 5 obtained. The boot code seeks to acquire the base platform code if (1) the base 

platform code, last known carrier and EMM Provider ID are not stored in the Flash 
memory, (2) the base platform code in the Flash memory fails an authentication 
check or (3) non- volatile memory indicates that hunting for the control channel 
(likely an out-of-band channel) is required. 

30 If the Flash check determines that a base platform code object exists, the 

boot code proceeds to execute that base platform object after appropriate 
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authorization and authentication as described below. If both the base platform and 
the O/S are loaded in Flash, the boot code authorizes and authenticates the base 
platform and then launches the base platform and passes control of the set-top 
terminal thereto. The base platform object, in turn, authorizes and authenticates 
5 (A&A) the O/S. The authenticated O/S is then run and control passes to the O/S. 

If the base platform code is not loaded in Flash memory, the boot code loads 
the base platform off of the out-of-band transport stream (203, 204, 207). However, 
before it is written to Flash memory, a successful authentication is required (206, 
205). When the authenticated base platform code is executed, the boot code passes 

1 0 control to the base platform (2 1 1 ,228).- If the base platform code fails the 

authentication check (205), the failed base platform code is deleted (208) and a 
counter is incremented (209) that tracks the number of attempts to acquire and 
authenticate a base platform code. If the counter is below a predetermined 
acceptable number of attempts, the base platform code is again downloaded (207). 

1 5 Alternatively, if the acceptable number of attempts to download the base platform 
code is exceeded, the set-top terminal may signal the headend for a service call 
(210). 

Under the principles of the present invention, the boot code locates the base 
platform object using a boot code message or "bootcode_control_message" that is 
2 0 sent periodically on the out-of-band transport stream (204). Use of the 
bootcode_control_message will now be described in detail. 

When the boot code determines the need to download the base platform 
object, it first hunts for the control channel. A table of possible carrier frequencies 
at which the control channel or channels are being broadcast is included in the boot 

2 5 code. These frequencies may be both in-band and out-of-band. The boot code will 

cause the set-top terminal to tune each of these frequencies in turn until the control 
channel is located and a carrier lock is obtained. If no control channel is received at 
a particular frequency for a predetermined period of time, the set-top terminal will 
tune the next frequency in the table. 

3 0 The control channel is a stream of data packets that can be received and used 

by the set-top terminal. In order to broadcast a number of different objects 
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simultaneously, the headend will divide objects to be transmitted over the control 
channel into packets. The packets of the various objects being transmitted can then 
be interspersed or time-multiplexed together so that several objects are all 
transmitted essentially simultaneously. The packets for each particular object will 
5 have a common packet identifier or "PLD." Thus, a set-top terminal can identify the 
packets for the object it is working to acquire. By acquiring all the packets with a 
particular PID, the complete object can then be reassembled by the set-top terminal 
from the set of packets with that particular PID. 

According to the present invention, a set-top terminal can start anywhere in 
10 the progression to acquire an object and wrap around until all the necessary packets 
are downloaded. For example, the set-top terminal may load the first packet it 

receives with a PID X. That packet may be packet 50 of 100 marked by PID X. 

i 

The terminal then continues to collect packets 51 to' 100 with PID X, then 1 to 49. 
With all 100 packets obtained, the terminal can reassemble the packetized object. 

1 5 Of particular concern to the present invention it the potential need to 

broadcast a number of objects simultaneously to accommodate different types or 
classes of set-top terminals in the population. Each class of set-top terminals may 
need a different version of, for example, the base platform code, the O/S or a 
resident application. Therefore, when the boot code is going to initialize the set-top 

2 0 terminal and must acquire the base platform code, the boot code must determine 
where to acquire the base platform appropriate to the set-top terminal on which it is 
running. 

The process for identifying the correct object to download will now be 
described in detail with reference to Figs. 3 and 4. As shown in Fig. 3, the 
2 5 processor (321 ) of the set-top terminal (300) controls a tuner (323) to tune a control 
channel over which data and programming are being broadcast by the headend to 
the population of set-top terminals. % 

The set-top box (300) will have a table of carrier frequencies at which the 
headend may be broadcasting a control channel of data and programming. As 
30 shown in Fig. 4, the method of the present invention may begin with the set-top 
terminal tuning the first control channel listed in that table (401). Once the carrier 
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lock is achieved and the control channel is being received, the boot code will begin 
collecting packets from the transport stream on the control channel that are 
identified with PID 1 (402). PID 1 is dedicated to the conditional access message in 
the MPEG standard. The packets of PID 1 will provide the boot code running on 
5 the set-top terminal with a Conditional Access Table (CAT) of EMM Provider IDs 
each of which identifies a PID for a setigf packets on the transport stream that 
constitute an EMM stream (Entitlement Management Message) (403, 404). 

The boot code will begin with the first EMM Provider ID and begin loading 
packets from the transport stream that are marked with the EMM PID given by the 
1 0 first EMM Provider ID (405). The EMM PID packets being acquired will contain a 
boot code message of the present invention which, in turn, includes a platform 
identifier. Thus, the Entitlement Management Message will be extracted from the 
EMM PID packets acquired (406) and the platform identifier from the EMM will be 
extracted (407). 

15 As shown in Fig. 3, the boot code (302) which is factory-installed in the set- 

top terminal will also include a platform identifier (320) that is specific to the type, 
architecture and capabilities of terminal (300) in which the boot code is resident. 
When running, the boot code will attempt to match the platform identifier provided 
at the factory with the platform identifier from the boot code message of the EMM 

20 PID packets (408, 409). 1 * 

If no match is found, the boot code will select the next EMM Provider ID in 
the CAT and check the packets of the EMM PID identified by that EMM Provider 
ID for a boot code message with a matching platform identifier (410, 405). This 
continues until the matching platform identifier is found . It may be possible to 

2 5 search multiple EMM PED's simultaneously to reduce the EMM validation time and 

the time required to find the matching boot code message. 

If all the EMM Provider IDs in the CAT of PID 1 are checked and no match 
is found for the platform identifier (410), the boot code will look for another control 
channel on another carrier frequency by returning to the table of carrier frequencies 

3 0 (401). When another frequency with a control channel is identified and locked, the 

boot code will extract PID 1 and repeat the process outlined above. This continues 
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until a boot code message with a platform identifier matching the platform identifier 
of the boot code is found. 

When the boot code finds a boot code message with a matching platform 
identifier, the boot code will extract a download PID (DL PID) specified by the 
5 EMM with the matching platform identifier (411). The download PID (DL PID) is 
the identifier for the packets that carry the code object, e.g., the base platform code 
object, that is appropriate for the type of set-top terminal (300) with the platform 
identifier (320). The boot code can then download the base platform code or other 
code object by acquiring the packets with the DL PID and reassembling the data in 

1 0 those packets into the base platform code. 

As will be understood by those in the art, the platform identifier (320) of the 
present invention can be used to check 'any type of code object for is compatibility 
with the terminal in which the identifier (320) is resident. The invention is not 
limited to the use of the identifier (320) by the boot code (302) to locate and identify 

15 an appropriate base platform code. The platform identifier (320) of the present 

invention can be used in the same manner described above, for example, by the base 
platform code to identify and acquire an operating system object designed for the 
downloading set-top terminal. The platform identifier (320) can also be used to 
identify other elements of the native suite, i.e., resident applications, that are 

2 0 appropriate for the downloading set-top terminal. 

Additionally, the platform identifier (320) of the present invention need not 
necessarily be incorporated into the boot code (302). Rather, the platform identifier 
(320) can be stored anywhere within the set-top terminal (300) where it can be 
accessed by the executing programs that require it to identify appropriate code 

25 objects for download. , .' 

As shown in Fig. 2, once the tiase platform code has been downloaded or 
identified as already resident in Flash memory, an authentication check (206) is 
performed to verify that the base platform code has been accurately and completely 
received and has not been altered by an unauthorized party. If the base platform 

30 fails the authentication check, it is deleted (208). A load counter may then be 
checked to determine the number of times the set-top terminal has attempted to 
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acquire a valid base platform code (209). If the counter exceeds a predetermined 
limit, the set-top terminal may signal the headend for a service call or may indicate 
the need to request a service call to the subscriber (210). If the load counter is not 
exceeded, the boot code will revert to the process described above and attempt again 
5 to download the base platform code (207). 

Alternatively, if the base platform code is authenticated, it is then launched 
(211). The base platform code will then determine if the native suite, including the 
O/S, is loaded in the Flash memory (214). If it is not, the base platform code will 
seek to download the native suite. 

1 0 With the base platform code running, the system operator may provide the 

set-top terminal with a set of "initialization messages" that provide, for example, 
channel maps, tables and EMM information (219, 212). These messages should be 
provided before the native suite is loaded. The initialization messages may instruct 
the set-top terminal where to acquire the native suite. 

15 After the native suite has been downloaded, or is found already existing in 

Flash memory, an authorization check is performed on the native suite (215, 220, 
224, 223). The download of the native suite will include an Object Conditional 
Access Message (OCAM) that is recorded by the set-top terminal. The 
authentication signature and authorization code for the native suite object are 

2 0 provided in the OCAM and used to authorize and authenticate the native suite in the 
manner described below. 

If the authorization check is not successful, the native suite code will be 
deleted (225, 217) and the base platform code will again attempt to acquire the 
native suite (221). If the authorization check is successful, the native suite and any 

2 5 resident applications associated with it, are loaded and an authentication check is 

performed (222). As before, if the authentication check fails, the downloaded code 
will be deleted (217) and a load counter will be checked (216) to see if another 
attempt to download the code should be made or a service call signaled (213). 

Alternatively, if the authentication check (222, 218) is successful, the native 

3 0 suite and any associated resident applications will be executed beginning with the 

O/S (226, 227). The base platform code performs the authorization and 
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authentication on the O/S code. If the O/S passes the authorization and 
authentication checks, the O/S is executed and control is transferred to the O/S. The 
BIOS (Basic Input/Output Software) may perform the authorization and 
authentication of the remainder of the native suite (215, 224, 222). 
5 In summary, various portions of the boot process include an object 

authorization and authentication (A&A) process for newly acquired or located 
objects. The authorization check of the native suite is done within the base 
platform. The authorization of the base platform is, in turn performed by the boot 
code, which can only authenticate a base platform object. When running, the O/S of 

10 the native suite performs the authentication and authorization of subsequently 

loaded objects. These checks are reqi^jre^ so that, given an interruption in power, 
etc., the authorization status of the teririihal can be verified. If, at any point an 
authorization or authentication check fails, the object being checked is disabled. 
Authentication is performed as follows. When a code object is broadcast 

1 5 over the cable network, it is associated with an authorization code and an 

authentication signature. For the base platform object, the authorization code is 
preferably given in an objected field of the boot code message. The authentication 
signature is preferably given in an object_description field of the boot code 
message. For other objects, such as the O/S and the native suite, the authorization 

2 0 code and authentication signature are provided in an OCAM downloaded with the 
object. 

The authentication signature is computed mathematically using a specific 
algorithm with the code object itself as the input for the algorithm. The signature is 
then re-computed by the set-top terminal using the same algorithm and the 

2 5 downloaded code as input. If the signature computed by the set-top terminal 

matches the one transmitted with the code, the code can be implemented with 
confidence that its has been transmitted properly, without inadvertent or malicious 
alteration. 

The present invention provides for two basic ways to upgrade the basic 

3 0 platform in a population of set-top terminals once those terminals have been placed 

in full service. These two methods of upgrade are (1) a universal upgrade of the 
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entire population (i.e., the entire population tuned to a particular control stream) and 
(2) a targeted upgrade of a subset or subsets of the population. Both methods may 
make use of the boot code to perform ^the upgrade. 

A universal upgrade is accomplished by broadcasting an order from the 

5 headend for all set-top terminals on the control stream to delete their existing base 
platform object. The boot code then begins executing, assumes control, and 
performs the initialization procedure outlined above, including replacing the deleted 
base platform with a base platform downloaded over the cable network. 

A targeted upgrade applies to a single terminal or a small group of terminals 

0 on a given control channel. Each terminal has a specific single-cast address and can, 
therefore, be addressed by the headend and instructed to delete the existing base 
platform code and re-initialize with upgrade code. Alternatively, each terminal has 
one or more multi-cast addresses that are shared by other terminals in the 
population. Four such multi-cast addresses for each terminal are preferred. With a 

5 multi-cast address, the headend can signal a code purge and re-initialization for a 
specific class of terminals that share that particular multicast address. 

In a targeted upgrade, the baseiplatform, using standard download messages, 
sets up download parameters in a start-up database in non- volatile memory (See Fig. 
3) and allows the boot code to take control. The boot code then uses the parameters 

: 0 to acquire the upgraded base platform code, replacing the original base platform 
code. This is done while the older version of the base platform code is still spinning 
at a location indicated by the boot message. 

In addition to the examples given above, an upgrade need not disturb the 
base platform code. Rather, the upgrade or reset signal, whether universal or 

! 5 targeted, may instruct the set-top terminal(s) to terminate and delete only the 
operating system (O/S), the entire native suite, or one or more particular resident 
applications. Control then returns to the base platform code which will acquire and 
authenticate a new O/S, entire native suite, or portions of the native suite as 
necessary. In this way, the native suite (or just the O/S) can be upgraded without 

) 0 requiring the base platform code to be ^acquired as well; 
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Fig. 3 illustrates four memory units of a set-top terminal (300) according to 
the present invention. A read-only memory unit (ROM) (301) contains the boot 
code (302). A flash memory unit (303) contains the base platform code (304) and 
the O/S object (306). Aside from these objects, additional flash memory is available 
5 (305). Two stack pointers (307, 308) designate absolute locations in the Flash 
memory (303) for the base platform code (304, 308) and the O/S (306, 307). It is 
important that these two objects are always located at the same location in Flash 
(303). 

A non- volatile memory unit (310) preferably has both a managed and a non- 

1 0 managed segment. The base platform code (304) may store parameters and other 

■ » c - * 

data in the non-managed portion of the' non-volatile memory unit (310). 

Finally, a random access memory unit (RAM) (309) is provided. 

Downloaded objects such as the base platform code, the O/S, etc. may be stored in 

the RAM (309) until authenticated. Once authorization and authentication are 

1 5 successfully completed, the objects may be transferred from the RAM (309) to the 

Flash memory unit (303) for long-term storage. 

The preceding description has been presented only to illustrate and describe 

the invention. It is not intended to be exhaustive or to limit the invention to any 

precise form disclosed. Many modifications and variations are possible in light of 

20 the above teaching. 

The preferred embodiment was chosen and described in order to best explain 

the principles of the invention and its practical application. The preceding 

description is intended to enable others skilled in the art to best utilize the invention 

in various embodiments and with various modifications as are suited to the 

2 5 particular use contemplated. 
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WHAT IS CLAIMED IS: 

1 . A method of identifying a ! code object for download by a set-top 
terminal from a data transport stream broadcast to the set-top terminal over a cable 

5 television system where the object identified is appropriate to the architecture and 
capabilities of the set-top terminal, the method comprising matching a platform 
identifier stored in said set-top terminal with a platform identifier in a download 
locator message that specifies where in said data transport stream a particular code 
object can be acquired, wherein said platform identifier is specific to said 
1 0 architecture and capabilities of said set-top terminal. 

2. The method of claim 1, wherein said download locator message is an 
entitlement management message. 

15 3. The method of claim 1 , further comprising tuning said data transport 

stream with said set-top terminal basedbh a table of dohtrbl channels carrying data 
transport streams. 

4. The method of claim 1, further comprising collecting PID 1 packets 
2 0 from said data transport stream and extracting therefrom a table specifying packet 

identifiers for a plurality of download locator messages being transmitted on said 
data transport stream. 

5. The method of claim 4, further comprising successively acquiring 

2 5 said plurality of download locator messages according to said table and extracting 
platform identifiers therefrom until a download locator message is found bearing a 
platform identifier that matches said platform identifier stored in said set-top 
terminal. 

30 6. The method of claim 5, A fmther comprising obtaining locator data 

from said download locator message having a platform identifier that matches said 
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platform identifier stored in said set-top terminal, wherein said locator data specifies 
where in said data transport stream a particular code object can be acquired. 



7. The method of claim 6, further comprising downloading to said set- 
5 top terminal said particular code object specified by said locator data from said 
download locator message having a platform identifier that matches said platform 
identifier stored in said set-top terminal. 



8. The method of claim 1, wherein said code object is a base platform 
10 code object. ' ; i i 

9. The method of claim 1, wherein said code object is an operating 
system code object. 

15 10. The method of claim 1 , wherein said code object is a resident 

application code object. 



11. A system for of identifying a code object for download by a set-top 
terminal from a data transport stream broadcast to the set-top terminal over a cable 
2 0 television system where the object identified is appropriate to the architecture and 
capabilities of the set-top terminal, the system comprising: 

means for obtaining a first platform identifier in a download locator message 
that specifies where in said data transport stream a particular code object can be 
acquired; and 

2 5 means for matching said first platform identifier with a second platform 

identifier stored in said set-top terminal, 

wherein said platform identifier is specific to said architecture and 
capabilities of said set-top terminal. 



30 12. The system of claim 1 1 , wherein said download locator message is 

an entitlement management message. 
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13. The system of claim 1 1 , further comprising means for tuning said 
data transport stream with said set-top terminal based on a table of control channels 
carrying data transport streams. 

5 

14, The system of claim 1 1 , further comprising: 

means for collecting PID 1 packets from said data transport stream; and 
means for extracting therefrom a table specifying packet identifiers for a 
plurality of download locator messages being transmitted on said data transport 
10 stream. 



15. The system of claim 14, further comprising means for successively 
acquiring said plurality of download locator messages according to said table and 
extracting platform identifiers therefrom until a download locator message is found 
15 bearing a first platform identifier that matches said second platform identifier stored 
in said set-top terminal. 



16. The system of claim 15, further comprising means for obtaining 
locator data from said download locator message having said first platform 

2 0 identifier that matches said second platform identifier stored in said set-top terminal, 
wherein said locator data specifies where in said data transport stream a particular 
code object can be acquired. 

17. The system of claim 1 6, further comprising means for downloading to 
2 5 said set-top terminal said particular code object specified by said locator data from 

said download locator message having said first platform identifier that matches 
said second platform identifier stored in said set-top terminal. 

18. The system of claim 1 1 wherein said code object is a base platform 
30 code object. 
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1 9. The system of claim 1 1 , wherein said code object is an operating 
system code object. 



20. The system of claim 1 1 , wherein said code object is a resident 
5 application code object. 
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